I attended BlackHat USA 2017. Elastic had a booth on the floor that I spent a fair bit of time at, as well as meetings scattered about the conference center. It was a great time as always, but this year I had a secret with me. I put together a Raspberry Pi that was passively collecting wifi statistics. Just certain metadata; no actual wifi data packets were captured or harmed in the making of this. I then log everything into Elasticsearch so I can build pretty visualizations in Kibana. I only captured 2.4 GHz data with one radio, so I had it jumping around. Obviously I missed plenty of data, but this was really just about looking for interesting patterns.
I put everything I used to make this project go into GitHub; it’s really rough though, you’ve been warned.
I have a ton of data to mine. I’ll no doubt spend a great deal of time in the future doing that, but here’s the basic TL;DR picture.
I captured 12.6 million wifi packets. The blue bars show when I captured what, the table shows the SSIDs I saw (not all packets have SSID data), and the colored graph shows which wifi channels were seen (not all packets have channel data either). I also have packet frequencies logged, so all that can be put together later. The two humps in the wifi data were when I was around the conference. I admit I was surprised by the volume of wifi I saw basically everywhere, even in the middle of the night from my hotel room.
Below is a graph showing the various frequencies I saw; every packet has to come in on some wireless frequency even if it doesn’t have a wifi channel.
The devices seen data was also really interesting.
This chart represents every packet seen, so it’s clearly going to be a long tail. It’s no surprise an access point sends out a lot of packets. I didn’t expect Apple to be #1 here; I expected the top few to be access point manufacturers. It would seem Apple gear is more popular and noisy than I expected.
A more interesting graph is unique devices seen by manufacturer (as a side note, I saw 77,904 devices in total over my 3 days).
This table is far more useful, as it’s totally expected a single access point will be very noisy. I didn’t expect Cisco to make the top 3, I admit. But this means that Apple was basically 10% of wifi devices, then we drop pretty quickly.
There’s a lot more interesting data in this set; I just have to spend some time finding it all. I’ll also make a point to single out the data specific to business hours. Stay tuned for a far more detailed writeup.
Source From: fedoraplanet.org.
Original article title: Josh Bressers: For a security conference that everyone claims not to trust the wifi, there sure was a lot of wifi.